Primary

Context

Tenda FH1201 Stack-Based Buffer Overflow Vulnerability in SetIpBind Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda FH1201 router, specifically in the firmware version 1.2.0.14(408). The vulnerability arises in the SetIpBind function, where excessive data in the 'page' parameter leads to a buffer overflow during the processing of HTTP requests. This flaw can be exploited remotely, potentially allowing attackers to execute arbitrary code or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or causing a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending an HTTP request to the '/goform/SetIpBind' endpoint with a 'page' parameter that contains excessive data. This can be done using a simple script that automates the process of sending the malformed request.

Added: Dec 21, 2025, 9:23 AM

Updated: Dec 21, 2025, 9:23 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

6.2

remediation

0.0

relevance

1.6

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

6.2

remediation

0.0

relevance

1.6

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda FH1201 Stack-Based Buffer Overflow Vulnerability in SetIpBind Function

Vulnerability

Impact

Reproduction

Affected Products

Tenda FH1201

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating